cryptplug.h

Go to the documentation of this file.

/*
  this is a C++-ification of:
  CRYPTPLUG - an independent cryptography plug-in API
 
  Copyright (C) 2001,2004 Klarälvdalens Datakonsult AB
 
  CRYPTPLUG is free software; you can redistribute it and/or modify
  it under the terms of GNU General Public License as published by
  the Free Software Foundation; version 2 of the License.
 
  CRYPTPLUG is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.
 
  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
 
#ifndef CRYPTPLUG_H
#define CRYPTPLUG_H
 
#include <stdlib.h>
 
#include <gpgmepp/context.h>
#include <gpgme.h> // need it for gpgme_protocol_t :(
#include <tdemacros.h>
 
namespace GpgME {
  class ImportResult;
}
 
typedef enum {
  Feature_undef             = 0,
 
  Feature_SignMessages      = 1,
  Feature_VerifySignatures  = 2,
  Feature_EncryptMessages   = 3,
  Feature_DecryptMessages   = 4,
  Feature_SendCertificates  = 5,
  Feature_WarnSignCertificateExpiry = 6,
  Feature_WarnSignEmailNotInCertificate = 7,
  Feature_PinEntrySettings  = 8,
  Feature_StoreMessagesWithSigs = 9,
  Feature_EncryptionCRLs    = 10,
  Feature_WarnEncryptCertificateExpiry = 11,
  Feature_WarnEncryptEmailNotInCertificate = 12,
  Feature_StoreMessagesEncrypted = 13,
  Feature_CheckCertificatePath = 14,
  Feature_CertificateDirectoryService = 15,
  Feature_CRLDirectoryService = 16,
  Feature_CertificateInfo     = 17
} Feature;
 
/* dummy values */
typedef enum {
  PinRequest_undef            = 0,
 
  PinRequest_Always          = 1,
  PinRequest_WhenAddingCerts = 2,
  PinRequest_AlwaysWhenSigning = 3,
  PinRequest_OncePerSession   = 4,
  PinRequest_AfterMinutes     = 5
} PinRequests;
 
 
typedef enum {
  SignatureCompoundMode_undef    = 0,
 
  SignatureCompoundMode_Opaque   = 1,
  SignatureCompoundMode_Detached = 2
} SignatureCompoundMode;
 
 
typedef enum {
  SendCert_undef              = 0,
 
  SendCert_DontSend           = 1,
  SendCert_SendOwn            = 2,
  SendCert_SendChainWithoutRoot = 3,
  SendCert_SendChainWithRoot  = 4
} SendCertificates;
 
 
typedef enum {
  SignAlg_undef               = 0,
 
  SignAlg_SHA1                = 1
} SignatureAlgorithm;
 
 
 
typedef enum {
  EncryptAlg_undef            = 0,
 
  EncryptAlg_RSA              = 1,
  EncryptAlg_SHA1             = 2,
  EncryptAlg_TripleDES        = 3
} EncryptionAlgorithm;
 
typedef enum {
  SignEmail_undef             = 0,
 
  SignEmail_SignAll           = 1,
  SignEmail_Ask               = 2,
  SignEmail_DontSign          = 3
} SignEmail;
 
typedef enum {
  EncryptEmail_undef          = 0,
 
  EncryptEmail_EncryptAll     = 1,
  EncryptEmail_Ask            = 2,
  EncryptEmail_DontEncrypt    = 3
} EncryptEmail;
 
typedef enum {
  CertSrc_undef               = 0,
 
  CertSrc_Server              = 1,
  CertSrc_Local               = 2,
  CertSrc_ServerLocal         = CertSrc_Server | CertSrc_Local
} CertificateSource;
 
 
enum {
    SigStat_VALID       = 0x0001,   /* The signature is fully valid */
    SigStat_GREEN       = 0x0002,   /* The signature is good. */
    SigStat_RED         = 0x0004,   /* The signature is bad. */
    SigStat_KEY_REVOKED = 0x0010,   /* One key has been revoked. */
    SigStat_KEY_EXPIRED = 0x0020,   /* One key has expired. */
    SigStat_SIG_EXPIRED = 0x0040,   /* The signature has expired. */
    SigStat_KEY_MISSING = 0x0080,   /* Can't verify: key missing. */
    SigStat_CRL_MISSING = 0x0100,   /* CRL not available. */
    SigStat_CRL_TOO_OLD = 0x0200,   /* Available CRL is too old. */
    SigStat_BAD_POLICY  = 0x0400,   /* A policy was not met. */
    SigStat_SYS_ERROR   = 0x0800,   /* A system error occurred. */
 
    SigStat_NUMERICAL_CODE = 0x8000 /* An other error occurred. */
};
typedef unsigned long SigStatusFlags;
 
class CryptPlugWrapper;
 
class TDE_EXPORT CryptPlug {
  friend class CryptPlugWrapper;
protected:
  CryptPlug();
  virtual ~CryptPlug();
 
  // these must be set by subclasses:
  gpgme_protocol_t GPGMEPLUG_PROTOCOL;
  GpgME::Context::Protocol mProtocol;
 
  /* definitions for signing */
  // 1. opaque signatures (only used for S/MIME)
  int GPGMEPLUG_OPA_SIGN_INCLUDE_CLEARTEXT;
  int GPGMEPLUG_OPA_SIGN_MAKE_MIME_OBJECT;
  int GPGMEPLUG_OPA_SIGN_MAKE_MULTI_MIME;
  const char * GPGMEPLUG_OPA_SIGN_CTYPE_MAIN;
  const char * GPGMEPLUG_OPA_SIGN_CDISP_MAIN;
  const char * GPGMEPLUG_OPA_SIGN_CTENC_MAIN;
  const char * GPGMEPLUG_OPA_SIGN_CTYPE_VERSION;
  const char * GPGMEPLUG_OPA_SIGN_CDISP_VERSION;
  const char * GPGMEPLUG_OPA_SIGN_CTENC_VERSION;
  const char * GPGMEPLUG_OPA_SIGN_BTEXT_VERSION;
  const char * GPGMEPLUG_OPA_SIGN_CTYPE_CODE;
  const char * GPGMEPLUG_OPA_SIGN_CDISP_CODE;
  const char * GPGMEPLUG_OPA_SIGN_CTENC_CODE;
  const char * GPGMEPLUG_OPA_SIGN_FLAT_PREFIX;
  const char * GPGMEPLUG_OPA_SIGN_FLAT_SEPARATOR;
  const char * GPGMEPLUG_OPA_SIGN_FLAT_POSTFIX;
  // 2. detached signatures (used for S/MIME and for OpenPGP)
  int GPGMEPLUG_DET_SIGN_INCLUDE_CLEARTEXT;
  int GPGMEPLUG_DET_SIGN_MAKE_MIME_OBJECT;
  int GPGMEPLUG_DET_SIGN_MAKE_MULTI_MIME;
  const char * GPGMEPLUG_DET_SIGN_CTYPE_MAIN;
  const char * GPGMEPLUG_DET_SIGN_CDISP_MAIN;
  const char * GPGMEPLUG_DET_SIGN_CTENC_MAIN;
  const char * GPGMEPLUG_DET_SIGN_CTYPE_VERSION;
  const char * GPGMEPLUG_DET_SIGN_CDISP_VERSION;
  const char * GPGMEPLUG_DET_SIGN_CTENC_VERSION;
  const char * GPGMEPLUG_DET_SIGN_BTEXT_VERSION;
  const char * GPGMEPLUG_DET_SIGN_CTYPE_CODE;
  const char * GPGMEPLUG_DET_SIGN_CDISP_CODE;
  const char * GPGMEPLUG_DET_SIGN_CTENC_CODE;
  const char * GPGMEPLUG_DET_SIGN_FLAT_PREFIX;
  const char * GPGMEPLUG_DET_SIGN_FLAT_SEPARATOR;
  const char * GPGMEPLUG_DET_SIGN_FLAT_POSTFIX;
  // 3. common definitions for opaque and detached signing
  int __GPGMEPLUG_SIGNATURE_CODE_IS_BINARY;
 
  /* definitions for encoding */
  int GPGMEPLUG_ENC_INCLUDE_CLEARTEXT;
  int GPGMEPLUG_ENC_MAKE_MIME_OBJECT;
  int GPGMEPLUG_ENC_MAKE_MULTI_MIME;
  const char * GPGMEPLUG_ENC_CTYPE_MAIN;
  const char * GPGMEPLUG_ENC_CDISP_MAIN;
  const char * GPGMEPLUG_ENC_CTENC_MAIN;
  const char * GPGMEPLUG_ENC_CTYPE_VERSION;
  const char * GPGMEPLUG_ENC_CDISP_VERSION;
  const char * GPGMEPLUG_ENC_CTENC_VERSION;
  const char * GPGMEPLUG_ENC_BTEXT_VERSION;
  const char * GPGMEPLUG_ENC_CTYPE_CODE;
  const char * GPGMEPLUG_ENC_CDISP_CODE;
  const char * GPGMEPLUG_ENC_CTENC_CODE;
  const char * GPGMEPLUG_ENC_FLAT_PREFIX;
  const char * GPGMEPLUG_ENC_FLAT_SEPARATOR;
  const char * GPGMEPLUG_ENC_FLAT_POSTFIX;
  int __GPGMEPLUG_ENCRYPTED_CODE_IS_BINARY;
  // end-of(these must be set by subclasses)
 
public:
 
#define CRYPTPLUG_CERT_DOES_NEVER_EXPIRE 365000
#define CRYPTPLUG_ERR_WRONG_KEY_USAGE 0x7070
 
bool initialize( void );
 
//void deinitialize( void );
 
bool hasFeature( ::Feature );
 
struct StructuringInfo {
  bool includeCleartext;     
  bool  makeMimeObject;      
  /* the following are used for MIME messages only */
  bool  makeMultiMime;       
  char* contentTypeMain;     
  char* contentDispMain;     
  char* contentTEncMain;     
  char* contentTypeVersion;  
  char* contentDispVersion;  
  char* contentTEncVersion;  
  char* bodyTextVersion;     
  char* contentTypeCode;     
  char* contentDispCode;     
  char* contentTEncCode;     
  /* the following are used for flat non-MIME messages only */
  char* flatTextPrefix;      
  char* flatTextSeparator;   
  char* flatTextPostfix;     
};
 
 
  inline void init_StructuringInfo( struct StructuringInfo* s )
  {
    if( ! s ) return;
 
    s->includeCleartext = false;
 
    s->makeMimeObject = false;
    s->makeMultiMime = false;
 
    s->contentTypeMain = 0;
    s->contentDispMain = 0;
    s->contentTEncMain = 0;
 
    s->contentTypeVersion = 0;
    s->contentDispVersion = 0;
    s->contentTEncVersion = 0;
    s->bodyTextVersion = 0;
 
    s->contentTypeCode = 0;
    s->contentDispCode = 0;
    s->contentTEncCode = 0;
 
    s->flatTextPrefix = 0;
    s->flatTextSeparator = 0;
    s->flatTextPostfix = 0;
  }
 
  inline void free_StructuringInfo( struct StructuringInfo* s )
  {
    if( ! s ) return;
    if( s->contentTypeMain )    free( s->contentTypeMain );
    if( s->contentDispMain )    free( s->contentDispMain );
    if( s->contentTEncMain )    free( s->contentTEncMain );
    if( s->contentTypeVersion ) free( s->contentTypeVersion );
    if( s->contentDispVersion ) free( s->contentDispVersion );
    if( s->contentTEncVersion ) free( s->contentTEncVersion );
    if( s->bodyTextVersion )    free( s->bodyTextVersion );
    if( s->contentTypeCode )    free( s->contentTypeCode );
    if( s->contentDispCode )    free( s->contentDispCode );
    if( s->contentTEncCode )    free( s->contentTEncCode );
    if( s->flatTextPrefix )     free( s->flatTextPrefix );
    if( s->flatTextSeparator )  free( s->flatTextSeparator );
    if( s->flatTextPostfix )    free( s->flatTextPostfix );
  }
 
 
struct SignatureMetaDataExtendedInfo
{
    struct tm* creation_time;
    SigStatusFlags sigStatusFlags;
    char* status_text;
    char* keyid;
    char* fingerprint;
    char* algo;
    char* userid;
    char* name;
    char* comment;
    char** emailList;
    int    emailCount;
    unsigned long algo_num;
    unsigned long validity;
    unsigned long userid_num;
    unsigned long keylen;
    unsigned long key_created;
    unsigned long key_expires;
};
 
struct SignatureMetaData {
    char* status;
    struct SignatureMetaDataExtendedInfo* extended_info;
    int extended_info_count;
    int status_code;
};
 
bool checkMessageSignature( char** cleartext,
                            const char* signaturetext,
                            bool signatureIsBinary,
                            int signatureLen,
                            struct SignatureMetaData* sigmeta,
                            char** attrOrder,
                            const char* unknownAttrsHandling );
 
 
bool decryptMessage( const char*  ciphertext,
                     bool         cipherIsBinary,
                     int          cipherLen,
                     const char** cleartext,
                     const char*  certificate,
                     int* errId,
                     char** errTxt );
 
bool decryptAndCheckMessage( const char*  ciphertext,
                             bool         cipherIsBinary,
                             int          cipherLen,
                             const char** cleartext,
                             const char*  certificate,
                             bool*        signatureFound,
                             struct SignatureMetaData* sigmeta,
                             int*   errId,
                             char** errTxt,
                             char** attrOrder,
                             const char* unknownAttrsHandling );
 
struct DnPair {
    char *key;
    char *value;
};
 
struct CertificateInfo {
  char** userid;
  char* userid_0_org;
  char* serial;
  char* fingerprint;
 
  char* issuer_org;
  char* issuer_reord;
  char* chainid;
 
  char* caps;
 
  unsigned long created;
  unsigned long expire;
 
  int secret   : 1;
  int invalid  : 1;
  int expired  : 1;
  int disabled : 1;
 
  struct DnPair *dnarray; /* parsed values from userid[0] */
};
 
  GpgME::ImportResult importCertificateFromMem( const char* data, size_t length );
}; // class CryptPlug
 
class SMIMECryptPlug : public CryptPlug {
public:
  SMIMECryptPlug();
};
 
class OpenPGPCryptPlug : public CryptPlug {
public:
  OpenPGPCryptPlug();
};
 
#endif /*CRYPTPLUG_H*/